Skip to content

eRA Commons 2-Factor Authentication

To make eRA user accounts more secure, eRA is requiring use of two-factor authentication instead of an eRA account username and password to access eRA modules (eRA Commons, Commons Mobile, ASSIST, Internet Assisted Review).

Switching to using two-factor authentication makes eRA user accounts more secure and helps maintain confidential information.


Starting on September 15, 2021, eRA will begin a phased approach for requiring the use of two-factor authentication for user accounts. The new timing of enforcing the requirement depends on the type of user account and a new triggering event. See NOT-OD-21-172.

The Type of User Account:

The Triggering Event:

  • All PIs and key personnel associated with an application or Research Performance Progress Report (RPPR) will be required to transition to the use of two-factor authentication 45 days after the submission of their competing grant application (Type 1 or 2) or their RPPR.

Forty-five days after this triggering event, these users will not be able to access eRA systems until they set up and use a two-factor authentication service provider - and/or an InCommon Federated account (that supports NIH’s two-factor authentication standards).

eRA will send reminder messages during the 45-day period to individual users who are required to transition to the new two-factor authentication requirement.

Last Updated: 12/1/22